The NY Times experienced an outage today for the second time in two weeks. On August 14th, the outage was said to have been caused by an internal issue. But today, the issue was characterized as something more malicious. And the NY Times may not be the only target, as it appears the Syrian Electronic Army may have compromised the registration records for the NY Times, Huffington Post UK and Twitter.

Eileen Murphy, VP of corporate communications at The New York Times, tweeted earlier that the outlet’s outage today was “most likely result of malicious external attack.”

re: http://t.co/BQE1fJ3uLx – initial assessment – issue is most likely result of malicious external attack. working to fix

Adrian Chen at Gawker posted that others noticed that, for a brief time, the NY Times site pointed to a Syrian Electronic Army domain and displayed a message that read, “Hacked by SEA.”

The New York Times is experiencing outages today, and the anonymous hacktivists of the Syrian Electronic Army may have been the culprit. Computer security expert Matt Johansen, manager for the Threat Research Center at WhiteHat Security, noticed during the outage that the New York Times’ website briefly pointed to a Syrian Electronic Army domain. (As of this writing, the domain has been fixed.)

Matt Johansen, head of the Threat Research Center at WhiteHat Security, offered clarification that the NY Times DNS appeared to have been pointing to an SEA name server. He also noticed an issue with Twitter’s domain registration ownership.

Just to clarify. NYTimes DNS was pointing to an SEA name server. Twitter's domain registration ownership information seems compromised.

Indeed, as I went to check on the Syrian Electronic Army’s Twitter account to see if they had claimed credit for the NY Times outage, there was a tweet that the Twitter domain registration ownership had been taken over by SEA. It appears SEA may have been changing some WHOIS records.

Jaeson Schultz, whose bio says he does Threat Research Analysis and Communications work for Cisco Systems, tweeted that SEA appears as though it’s hosting new domains for the NY Times and Twitter on its IP.
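The two changes reported above, name servers pointing somewhere new and altered registration ownership details, are the kind of drift a domain owner can watch for by comparing each registration lookup against a known-good baseline. The sketch below is an added example, not code from any party in this story; the domain, registrant, name servers and the `Key: value` record layout are constructed assumptions.

```python
# Constructed baseline for a hypothetical domain; not real registration data.
BASELINE = {
    "name_servers": {"ns1.dns-provider.example", "ns2.dns-provider.example"},
    "registrant": "Example Media Company",
}

# Constructed WHOIS-style snapshots ("Key: value" lines), before and after a change.
SNAPSHOT_OK = """\
Domain Name: NEWS-SITE.EXAMPLE
Registrant Name: Example Media Company
Name Server: NS1.DNS-PROVIDER.EXAMPLE
Name Server: NS2.DNS-PROVIDER.EXAMPLE
"""
SNAPSHOT_CHANGED = """\
Domain Name: NEWS-SITE.EXAMPLE
Registrant Name: Unknown Party
Name Server: NS1.UNEXPECTED-HOST.EXAMPLE
Name Server: NS2.UNEXPECTED-HOST.EXAMPLE
"""

def parse_record(text):
    """Collect the registrant and name servers from 'Key: value' lines."""
    record = {"name_servers": set(), "registrant": None}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "name server" and value:
            # Host names are case-insensitive; drop any trailing root dot.
            record["name_servers"].add(value.lower().rstrip("."))
        elif key == "registrant name":
            record["registrant"] = value
    return record

def find_drift(baseline, record):
    """Return human-readable findings; an empty list means no drift."""
    findings = []
    added = record["name_servers"] - baseline["name_servers"]
    missing = baseline["name_servers"] - record["name_servers"]
    if added:
        findings.append("unexpected name servers: " + ", ".join(sorted(added)))
    if missing:
        findings.append("expected name servers missing: " + ", ".join(sorted(missing)))
    if record["registrant"] != baseline["registrant"]:
        findings.append(f"registrant changed to {record['registrant']!r}")
    return findings

if __name__ == "__main__":
    for label, snap in (("ok", SNAPSHOT_OK), ("changed", SNAPSHOT_CHANGED)):
        print(label, find_drift(BASELINE, parse_record(snap)))
```

An empty or failed lookup is reported as drift rather than passing silently, because the expected name servers are then missing.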

All the details aren’t entirely clear yet, as this is still a developing story, but at this point, it appears the Syrian Electronic Army is certainly up to something. Given that SEA is a pro-Assad group, such antics certainly wouldn’t be surprising with the latest controversy drawing criticisms against the Assad regime over alleged chemical attacks against the Syrian people.

At 20:49 UTC, our DNS provider experienced an issue in which it appears DNS records for various organizations were modified, including one of Twitter’s domains used for image serving, twimg.com. Viewing of images and photos was sporadically impacted. By 22:29 UTC, the original domain record for twimg.com was restored. No Twitter user information was affected by this incident.

The NY Times said the issue was related to an attack on the company’s domain name registrar:

The New York Times Web site was unavailable to readers Tuesday afternoon after an online attack on the company’s domain name registrar, Melbourne IT. The attack also forced employees of The Times to stop sending out sensitive e-mails.

Marc Frons, chief information officer for The New York Times Company, issued a statement at 4:20 p.m. warning employees that the disruption — which appeared to still be affecting the Web site more than two hours later — was the result of an external attack by “the Syrian Electronic Army or someone trying very hard to be them.” He advised employees to “be careful when sending e-mail communications until this situation is resolved.”

And according to Matthew Keys, a SEA hacker confirmed Melbourne IT was compromised.

A hacker who goes by the name “The Shadow” confirmed to The Desk Tuesday evening that the group had compromised Melbourne IT, a service used by the NYTimes, Twitter and others to register web addresses.

UPDATE 9:10pm ET:

Melbourne IT says compromised login credentials of a reseller allowed the hackers to gain access.

Australian web hosting firm Melbourne IT has confirmed an attack on its servers led to outages at the websites of The New York Times and Twitter overnight.

A spokesman for the Melbourne-based company said the login credentials of a reseller for the company had been compromised, allowing attackers to access servers and change key details that direct users to the correct websites.

[…]

“We are currently reviewing our logs to see if we can obtain information on the identity of the party that has used the reseller credentials, and we will share this information with the reseller and any relevant law enforcement bodies,” they said.

“We will also review additional layers of security that we can add to our reseller accounts.”

There is a synopsis of all of the above in my Cyber Beat Daily column at Breitbart.

Comments

Interesting that virtually all of the websites they hacked are left wing. Perhaps that says something about their veracity as to Syria. We certainly know about their (lack of) veracity regarding everything else.

The enemy of my enemy is my friend and life at times can make for some very odd bedfellows.

I’ve never been convinced the persons involved with the SEA have anything to do with Syria. Once in a while they’ll drop something that appears to confirm that cover story but that is just distraction. The most likely scenario is that they’re here in the U.S., were very well educated in American schools and have multiple degrees in social engineering. The way some of these attacks happened they must have had people on the ground close to the victims.